1. Field of the Invention
The invention relates to a method for franking mailpieces, especially letters, parcels and packages, whereby an operating unit is operated separately from a franking unit.
The invention also relates to a device for franking mailpieces comprising an operating unit and a franking unit.
2. Related Technology
A method of the generic type and a device of the generic type are known from DE 100 20 566 C2. In this known method, a cryptographic module integrated into a customer system generates an encrypted random number and an identification number. A loading center decrypts the random number and the identification number. On this basis, the customer or the customer system used by the customer is identified. Subsequently, the loading center encrypts the random number as well as a default identification number and transmits it to the customer system. Then the customer system generates postage indicia containing the encrypted random number and the likewise encrypted default identification number.
An example of such a franking system is the STAMPIT system of the Deutsche Post AG. STAMPIT consists of software named “STAMPIT Client” that is installed on the PC of every STAMPIT customer and of a central system operated in a computer center of the Deutsche Post named “STAMPIT Server”. The STAMPIT Client serves as the operating unit and the STAMPIT Server as the franking unit. Both units are connected to each other via the Internet. When a customer would like to produce a postage indicium, a request is sent via the network connection from the STAMPIT Client to the STAMPIT Server. The latter generates the postage indicium as an electronic byte string in a highly secure cryptographic module. After the byte string has been transmitted back from the STAMPIT Server to the STAMPIT Client, the cryptographically secure byte string is converted there into a machine-readable barcode and this barcode is printed out together with other data to produce a valid PC postage indicium.
This known method makes it possible for users of personal computers to load postage amounts via the Internet and to generate postage indicia using the loaded postage amounts.
Another method of the generic type is disclosed in WO 01/45051 A1 relating specifically to a system for generating digital postage indicia wherein a client computer is connected to a postage server via the Internet. The postage server comprises cryptographic modules in which cryptographic components of digital postage indicia are generated, and said postage server is, in turn, connected to a system of the United States Postal Service. The client computers are equipped with software for executing postage procedures and users are licensed by the USPS and registered in the postage server. Requests to print out digital postage indicia are sent from the client computers to the postage server where, in particular, it is checked whether the client computer or the user is authorized to print out postage indicia. For this purpose, the client computer sends a password entered by the user to the postage server.
WO 99/48053 discloses a system wherein a user system is connected to a PSD (postal security device). This device, in turn, is connected to a producer system via which a postage credit can be loaded, whereby the producer system is connected to a system of a postal authority. In order to license a user, a request for licensing is sent to a PSD which then transmits a signed request message to a producer system. This system verifies the signature and requests a license from the postal authority that is then sent to the PSD and registered there.
Moreover, DE 40 34 292 A1 describes a method for franking mailpieces in which postage indicia can be generated by a franking unit in a remote copier, whereby the franking unit is connected to a data processing center in order to request franking data and to transact postage charges, said franking unit exchanging encrypted messages with said data processing center.
GENERAL DESCRIPTION OF THE INVENTION
The invention provides a franking method with which franking-relevant processes can be carried out by multiple users of a computer network.
The invention provides a method for franking mailpieces, where an operating unit is operated separately from a franking unit, the operating unit transmits a transaction request to an authorization unit, the authorization unit ascertains an authorization of a user of the operating unit on the basis of an authorization profile, the transmitted transaction request is authenticated by the authorization unit according to the ascertained authorization, the authorization unit converts the authenticated transaction request into a transaction job, the transaction job is transmitted to a franking unit, the authorization unit is authenticated in the area of the franking unit, the transaction job is processed in the franking unit and the result of the execution of the transaction job is sent out by the franking unit.
The invention provides a device for franking mailpieces using an operating unit and a franking unit, where the operating unit and the franking unit are spatially separated from each other, the operating unit and the franking unit are connected to each other via a data line and this connection is configured in such a way that an authorization unit is located in the connection line. The operating unit sends transaction requests to the authorization unit, and the authorization unit checks the authorization of a user of the operating unit. The authorization unit includes an interface for transmitting the authenticated authentication jobs to the franking unit and the franking unit carries out the authentication of the authorization unit. The franking unit executes transaction jobs, and the franking unit transmits the transaction jobs.
In particular, the operating unit transmits a transaction request to an authorization unit, the authorization unit ascertains an authorization of a user of the operating unit on the basis of an authorization profile, the transmitted transaction request is authenticated by the authorization unit according to the ascertained authorization, the authorization unit converts the authenticated transaction request into a transaction job, the transaction job is transmitted to a franking unit, the transaction job is processed in the franking unit and subsequently, the result of the execution of the transaction job is sent out by the franking unit.
The invention provides a method and a device for franking mailpieces with which franking procedures or other franking-relevant processes are carried out in such a way that they allow the administration of multiple users with different rights.
The invention can be used for any kinds of transaction requests. The term “transaction request” is to be understood in its broadest sense. In particular, the transaction request can be a request to load a charge amount, a request to generate one or more postage indicia or a request for other mailing-relevant information, for example, a request for addresses from an address database.
In particular, the invention proposes for a franking procedure or a franking-relevant transaction to be requested via an operating unit, for this franking request or transaction request to be authenticated in a separate authorization unit,
The invention proposes an especially advantageous configuration in which the franking system is modular. In addition to the advantage of recognition of the system and components as well as the ability to develop and implement them independently of each other, there is the special advantage of a great flexibility in the use of the franking system by multiple users.
An especially preferred embodiment of the invention is characterized in that the transaction request is transmitted from the operating unit to the authorization unit, in that the transaction request is authenticated in the authorization unit and in that the authorization unit subsequently transmits an authenticated transaction job to the franking unit.
A special advantage of the inventive separation of the components in franking systems lies in the fact that a so-called cryptographic module can be used in which processes are executed that render the generated postage indicia more forgery-proof. This cryptographic module preferably consists of separate hardware and software. The task of this hardware and software is to store secret or otherwise important data so that it is secure against access and manipulation as well as to execute cryptographic operations such as encryption or signatures in a secure environment. Cryptographic modules of the type specified, for example, in the public standard FIPS 140-2 of the American National Institute of Standards and Technology NIST (see www.nist.gov), are characterized in that any manipulation to the module is detected, results in an interruption of the operations and the deletion of the contents and optionally also causes the destruction of the module. The only reason why electronic franking systems can generate forgery-proof postage indicia is that it is not possible for a user employing a modern franking system with fraudulent intentions to influence or replicate the franking processes that take place in the cryptographic module.
In order to be able to use the functions of the cryptographic module especially effectively, it is advantageous for the interfaces for user interaction that are needed for the operation of the franking system to be accommodated in a separate unit. In this manner, in modern franking systems with which forgery-proof postage indicia can be generated, the operating unit and the franking unit consisting of the cryptographic module are separate from each other.
Another advantage of the separation of the operating unit and the franking unit is that they can be spatially separated from each other. The connection between the operating unit (customer PC) and the franking unit (among other things, the cryptographic module) is established via a data network.
The practical advantage of this physical separation of the operating unit and the franking unit lies in the fact that the forgery-proof postage indicia can be generated on a PC without the use of a cryptographic module that is operated locally on the PC. Instead, the module is inexpensively operated centrally and used by all franking customers on an as-needed basis.
Another advantage of the invention is that it allows the use of various methods for user authentication. In order to ensure that postage indicia with a monetary value are only generated by authorized users, as a rule, franking systems are equipped with access safeguards. In the simplest case, such a safeguard is a secret code that has to be entered when the system is activated. The method of the secret code is used, among other things, in order to safeguard electronic postage meters.
Moreover, it is advantageous to use a pairing between user identification and user authentication. This is carried out, for example, by entering a user name (which serves as the identification) and a password (which serves as the authentication). Here, the security is based on the fact that only the authorized user knows the password.
In addition to knowledge-based security, other authentication methods are also suitable that either call for additional possession of an object or that involve biometric features of the user.
An authentication through possession of an object is used, for example, in security systems based on microprocessor chip cards, so-called SmartCards. Along the lines of a cryptographic module, data is stored on a chip card or operations are carried out that cannot be read out or manipulated. Since such cards cannot be forged or replicated, they lend themselves especially well for secure identification. In addition to such an identification of the chip card, passwords or PINs (personal identification numbers) are routinely used for the authentication of the legitimate owner.
Additional advantageous methods for authentication are based on reading out biometric features of the legitimate user. The objective is to scan unchangeable and unique biometric features—such as the fingerprint or iris pattern—to recognize whether that person is an authorized user. Since the components “knowledge” and “possession” can be dispensed with, biometric methods are viewed as an especially simple, secure and thus future-oriented authentication method.
According to the invention, other information can also be used for identification and authentication purposes.
For example, it is advantageous for an account number of a postage account from which postage values can be loaded to be used as an identification feature.
The authentication of access to the postage account is carried out, for instance, by entering a password.
The information for identification and authentication is used in the authorization unit in order to select the appropriate postage account in the secure cryptographic module on the basis of the account number and to activate the account with the password. Whereas the account number, as an identification feature, has to be visible on the “outside” of the cryptographic module, the password is verified inside the cryptographic module. The verification is carried out inside the module because the entered password (or an image of the password) is compared to a stored password (or to its corresponding image). In order to prevent third parties from reading out the stored password (or its image), it is stored inside the cryptographic module of the franking unit.
Advantageously, the authorization unit and/or the user is authenticated in the cryptographic module of the franking unit.
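The flow described above (profile check in the authorization unit, conversion of the request into a transaction job, authentication of the authorization unit at the franking unit, and password verification against a stored image inside the module) can be sketched as follows. This is an added illustration, not code from the patent: the HMAC used to authenticate the authorization unit, PBKDF2 as the password "image", and all names, accounts and profiles are assumptions, and a protected channel between the units is assumed.

```python
import hashlib, hmac, json, os

AU_KEY = os.urandom(32)  # constructed key shared by authorization and franking unit
PROFILES = {"alice": {"frank"}, "bob": {"frank", "load"}}  # constructed profiles

def password_image(password, salt):
    # "Image" of the password; PBKDF2 is an assumed choice, not from the page.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authorize(user, request):
    """Authorization unit: check the profile, emit an authenticated job."""
    if request["type"] not in PROFILES.get(user, set()) or request["amount"] <= 0:
        return None  # rejected here, nothing reaches the franking unit
    job = json.dumps({**request, "user": user}, sort_keys=True).encode()
    return job, hmac.new(AU_KEY, job, hashlib.sha256).digest()

class FrankingUnit:
    """Stands in for the cryptographic module; stored images never leave it."""
    def __init__(self, au_key):
        self._au_key, self._accounts = au_key, {}

    def open_account(self, number, password, cents):
        salt = os.urandom(16)
        self._accounts[number] = [salt, password_image(password, salt), cents]

    def execute(self, job, tag):
        # Authenticate the authorization unit before parsing the job.
        expected = hmac.new(self._au_key, job, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return {"ok": False, "reason": "authorization unit not authenticated"}
        req = json.loads(job)
        acct = self._accounts.get(req["account"], [bytes(16), b"", 0])
        # Verify the password inside the module against the stored image.
        if not hmac.compare_digest(password_image(req["password"], acct[0]), acct[1]):
            return {"ok": False, "reason": "account authentication failed"}
        delta = req["amount"] if req["type"] == "load" else -req["amount"]
        if acct[2] + delta < 0:
            return {"ok": False, "reason": "insufficient postage"}
        acct[2] += delta
        return {"ok": True, "balance": acct[2]}

def demo():
    fu = FrankingUnit(AU_KEY)
    fu.open_account("4711", "s3cret", 500)  # constructed account, balance in cents
    req = {"type": "frank", "account": "4711", "password": "s3cret", "amount": 145}
    ok = fu.execute(*authorize("alice", req))             # permitted by profile
    denied = authorize("alice", {**req, "type": "load"})  # not in alice's profile
    job, tag = authorize("bob", {**req, "type": "load"})
    tampered = fu.execute(job.replace(b"145", b"999"), tag)  # job altered in transit
    bad_pw = fu.execute(*authorize("bob", {**req, "password": "wrong"}))
    return ok, denied, tampered, bad_pw
```
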